We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Fight off scammers? | Forum

Topic location: Forum home » Support » General Questions
Marcus Apr 30 '19
I am getting a lot of complaints from users saying that they are leaving case the site has got too many scammers. Since those are not automated boots what should I do to take control of this situation?
OW-Ghost Apr 30 '19
fingerprint plugin only that can stop this nothing else....there is one in the store but i have not testing it...

need all of this:

1. image finger print

2. browser finger print

3. hardware finger print

the biggest dating sites have this for example "cupidmedia"

another option:

let them create short video where they show some code in the video (think there is a plugin for this to in the store)

all other 3 options i feel is just BIG JOKE like "email verify" and "phone number verify" or "suspend ip"

If you ask me what i have done:

I have go the other direction. i let all scammers get inside and all REAL people to with no long process to create a account. 

i think this strategy is a win win in the long run to get all members easy access to you apps and website very fast . i try make the fake people tired to create new account all the time because i can easy see when they join with a IP that not match the location they put up on they profile

and put many profile questions then they get tired create new account all the time because they need fill in all this profile question all the time when they make a new account... that my strategy to

Good luck...

The Forum post is edited by OW-Ghost Apr 30 '19
AppXprt Apr 30 '19
It may be possible, but isn't really feasible for Oxwall to do fingerprint scanning and becomes a very serious privacy issue as you will have to fiercely protect the fingerprints of your users against breach. In general, your users are not going to be willing to just submit their fingerprints to you and it will only serve to create very serious concerns among them. 

When there is a breach of the fingerprint data in your DB, you will most likely face a lawsuit.

This is simply just irresponsible for any admin to include in their site, because I guarantee none of you can ensure the safety of a user's fingerprint in your database! 

Think I'm Wrong? 

How many of you actually have a Secure Data Environment behind a secondary internal firewall where you are actually allowed to store data like this?

Hint... This doesn't come with your hosting provider, it comes with a custom designed infrastructure...

Unless you have your own in house servers and infrastructure, you don't and won't have this type of secure environment...

Storing unencrpyted "PII" or "personally identifiable information" outside of a Secure Data Environment can be dangerous.

Personally Identifiable Information (PII). The term “PII,” refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. 


Honestly, I believe that this information may not even be protected in Oxwall / Skadate properly, but it does depend on multiple factors so somewhat hard to determine. Protecting some of this information in a password protected DB may be "sufficient" enough for some companies, where as larger databases or those containing massive amount of user with specific PII may need to have this information encrypted or even in a separate secure DB behind a firewall that is inaccessible from the local network (LAN) where the regular data is stored and handled. In this way, only the user and the system should have access to the PII data and traffic in the secure data environment.

Many assume PII refers solely to information such as a social security number, driver’s license, and credit card or bank account numbers.  However, it also includes information such as full name, home address, date of birth, birthplace, telephone numbers and more.

The Forum post is edited by AppXprt Apr 30 '19
AppXprt Apr 30 '19

CupidMedia most certainly has a SDE/CDE and would be capable of keeping the fingerprints secure in this environment.

The reason you shouldn't do this is because your OxWall sites are hosted on a hosting provider and not on your own custom in house infrastructure design like other very large organizations and sites who can design and build a SDE...

Most of us don't have the resources to do anything like this yet...

Sometimes email, phone or IP's are also considered PII in certain circumstances and must be secured properly in all databases as well.

This information also goes for processing financial transactions without a 3rd party card processor... Should NOT be done without Cardholder Data Environment...

BTW an SDE and CDE are essentially the same thing...

See: https://sqone.net/about-sq1/secure-data-environment

The Forum post is edited by AppXprt Apr 30 '19
AppXprt Apr 30 '19
Let me teach you how to develop oxwall plugins Ghost...

There are others that will probably help you too...
Yes I think you had some legitimately good ideas, but I think I misunderstood a little.

One of your ideas about picture fingerprint made me think twice...

Did you know google will let you search based on an image? You could maybe build a plugin that checks the image that gets uploaded and rejects the user if its not a genuine / original photo or if the results returned are more than say maybe on 5/10/15 sites then its probably a spammer/scammer...
AppXprt Apr 30 '19
If you learned how to make plugins you could make these ideas and extend your site yourself!
Marcus May 1 '19

Thanks guys. They used to scam by posting on profiles or replying to posts. They stopped doing that case I would ban anyone for such behavior. Now they switched tactics and started sending messages to users. I need to somehow catch users that send an excessive amount of messages.

I think we need to set a time limit that will prevent users from sending bunch of messages in short period of time.

Some like forums have. 1 message per minute!

OR notify admin about any user that went above some established messages per day limit!

Another approach would be to limit users posting to friends only. Meaning that you have to be accepted as a friend first before you can post, send messages, etc.

I am lining more towards post time restriction!

The Forum post is edited by Marcus May 1 '19
Senior Developer Leader
Senior Developer May 9 '19

Hi Marcus!

Unfortunately all those things most of the time don't stop the scammers, it just stops spam and eventually stops your website from fast growing. 

First you need to describe the "modus operandi" of the scammers from your website, how do your users get scammed so we can provide a real answer to your needs based on your problem.

Senior Developer.

OW-Ghost May 10 '19
There is no good soluton for this 2019 all bigger websites want to find a good solution for this even facebook and tinder and many others

video verification is best for stop fake people and for them come back over and over again BUT it have a price you will loosing many people sign up on your website because they not comfortable create such video and the process will bee long

Next step is digital bank login in and acctualy some website have make this working....it is a easy process for sign up

BUT about bank login the problem is: every country have they own bank login app

A bank login plugin would bee awsome for oxwall websites if it works with all this bank login apps that very country have :) 

Please someone create such plugin and we are find the best solution for get rid of scammers and a easy process for create a REAL account

The Forum post is edited by OW-Ghost May 10 '19
Marcus May 10 '19
The simply send same message to everybody day after day.
Patricia Zorrilla Leader
Patricia Zorrilla May 10 '19

Well it is not difficult to create a plugin that reads the last 10 conversations initiated by people who send many (to define how many are many, if more than 3 every 5 minutes, for example), or have more than 10 conversations sent without being answered , read the first message of each one and find if 7 out of 10 words match ... That would automatically point them to a blacklist that would prevent them from sending more until they respond or a moderator removes the block.

I would only have to adapt to messages one that I have running on my website (it is not for sale yet) that blocks me from those who place ads and repeated events, I have members that are local clubs, discos, they are very heavy. They do not understand that I allow them to advertise but not repeated announcements. 

ArtMedia May 10 '19

you can create user role "verified", which will require verification and then you can use this plugin; https://developers.oxwall.com/store/item/1440

set limit for default role: 1 message per day, this should help,

to check if user which want verification dont have account earlier, you can use fingerprint plugin


Senior Developer Leader
Senior Developer May 10 '19
What does the messages say?

Can you copy an example and paste it here?

This plugin (VERIFIED MEMBERS) let your users verify their account with photos and after the verification they can get another role, you can use roles to block unverified from posting. Only verified users will be allowed to post. Or use ArtMedia's plugin to set message limit to unverified users.

If verified users start scamming, you can block them and when they try to verify again, with the fingerprint plugin you can see if the new user trying to verify is the same user that already was blocked.

This plugin includes a feature to stop real users from posting links if they are new and block spammers. (ANTI SPAM, ANTI BOTS KILLER)

I don't really know what do they do to convince users to give them their money so it is difficult to tell you the best answer for your needs, but that plugins may help somehow.

Senior Developer.

Senior Developer Leader
Senior Developer May 10 '19
The anti spam plugin also includes a auto flag feature. The admin adds a word list or phrases and the user who post something containing any of this words or phrases gets auto flagged so you can see who is trying to do harm, next update will include auto blocking so they get timed out when they send a message with that words. 

Maybe adding another feature to my plugin to check if last messages are equal and auto ban them its another way to fix this.
Senior Developer.

Patricia Zorrilla Leader
Patricia Zorrilla May 10 '19
It is not ethical to copy the ideas for plugins of others, please respect us.
Quote from Senior Developer

Maybe adding another feature to my plugin to check if last messages are equal and auto ban them its another way to fix this.
Senior Developer.

Senior Developer Leader
Senior Developer May 10 '19

Quote from Patricia Zorrilla Bcn It is not ethical to copy the ideas for plugins of others, please respect us.
Quote from Senior Developer

Maybe adding another feature to my plugin to check if last messages are equal and auto ban them its another way to fix this.
Senior Developer.

I'm trying to solve a problem for him, I don't really need to add this to my plugin to keep selling it.

Do you have a plugin that does this? Are you making one?

Senior Developer.

The Forum post is edited by Senior Developer May 10 '19
Patricia Zorrilla Leader
Patricia Zorrilla May 10 '19

I just commented that I have a plugin that does this same for events and announcements, that creates a list of users banned from publishing more and that it would be easy to extend it to control messages as well.

I felt that the idea was stolen, but well, it does not sell very little either if you do not put "Leader", "Team", "OxWall" under your photo or you have 500 plugins like ArtMedia.

If you do not pass any balls to the new players, the team is doomed to extinction.

I'm going to program, I have many plugins half done.

Marcus May 13 '19
Not every spammer posts same message! But generally they ask user to contact them via email that they provide in their message.
Marcus May 13 '19
I have a plugin created that prevents users from contacting other users who are not in their friends list! It's ready to go but I am a bit hesitant to make it alive!

I believe that this will increase engagement by encouraging users to add other users to their friends and will limit spammers abilities to spam.

Plus if some friend of mine starts spamming I will kick them from my friends list!

P.S. Thank you all guys!

P.S. Many legit users send same messages to other users so blocking such behavior can do more harm than good.

Limiting posts per day can give an impression that they would be asked to pay money in the future plus who wants to get blocked/limited in the middle of the dating chat.

The Forum post is edited by Marcus May 13 '19
Kenneth Parkes
Kenneth Parkes Nov 16 '22
Afew years ago and much preferred Oxwall https://megamallcity.com I've had no issues with it. I know it is no longer supported, .
Pages: 1 2 »